Europe’s apparent inability to control the export of spyware and surveillance technology has turned it into a safe haven for such companies, according to a recent report by Amnesty International. The report, titled ‘The Predator Files: Caught in the Net’, uncovers the council of the EU and Commission’s lack of action in effectively controlling the spyware sector. It focuses on Intellexa Alliance, a company involved in developing and marketing a wide range of surveillance products. The report reveals how Intellexa managed to circumvent EU export control mechanisms, and was even granted authorization for spyware sales to Madagascar and Sudan by Greek authorities.
The EU-Regulation on Dual-use export controls, implemented since September 2021, aims to prevent cyber-surveillance technology from violating human rights by setting out specific obligations to exporters. However, the report criticizes this regulation for its significant shortcomings, such as not making human rights criteria a requirement but merely a consideration. Sophie in ´t Veld, Dutch MEP and member of the Pegasus investigation team, expressed her disappointment over the Commission’s refusal to act, making it complicit in all cases of spyware abuse.
The European Parliament Committee PEGA reported breaches of EU law by the Council and Commission. The committee concluded that member states, the Council, and the Commission were not interested in investigating spyware abuse fully. It also pointed out that despite efforts led by the US to counter spyware misuse, investigations connected to the Pegasus Project and Predator in Hungary, Spain, and Greece have not led to any accountability or redress for spyware victims.
Looking forward, Diana Riba i Giner, Spanish MEP and Vice-Chair of the PEGA Committee, calls for stringent regulation on the use of these spy technologies to prevent human rights abuses. Until such regulation is enforced, she suggests a moratorium to stop the sale and use of this technology within the EU. Meanwhile, Patrick Breyer, Pirate MEP, believes that manufacturers of smartphone operating systems should also be held liable for unpatched vulnerabilities that spyware manufacturers exploit.